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REMARKS 

Specification 

The status of U.S. Application No. 60/272,521 has been updated on page 1 of the 
specification. 

Claims 

Amendment to claim 19 is for the purpose of clarifying what Applicant regards as the 
invention. Amendment to claim 32 is to correct a typographical error. No new matter has been 
added. 



I. CLAIM OBJECTION 

Claim 32 stands objected to because a period is missing at the end of the sentence. Claim 32 
has been amended to overcome the objection. 

II. CLAIM REJECTIONS UNDER 35 U.S.C. S 102/103 
Claims 1-18 

Claim 1 stands rejected under 35 U.S.C. § 102(e) as being anticipated by U.S. Patent No. 
6,289,462 (McNabb). Applicant respectfully notes that, in order to sustain a rejection under §102, 
each element in the rejected claim must be found, either expressly or inherently, in the cited 
reference. 

Claim 1 recites storing database user authorization in a central directory, wherein the 
database user authorization comprises a user role, locally defining the user role at a network node, 
and granting user privileges on the network node based upon the user role. McNabb does not 
disclose or suggest such limitations. According to the Office Action, colunm 5, lines 20-30 and 
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47-61, and column 6, lines 26-29 of McNabb disclose the above limitations. However, the cited 
passages disclose: 

The present invention provides a method of processing requests from a plurality of 
computing devices at a trusted server comprising the steps of: receiving an incoming request 
for a data object; assigning a sensitivity label to an incoming request for a data object; 
reading extended attributes at a first storage destination associated with the data object; 
redirecting the incoming request to a second storage destination for the data object based on 
the combination of the sensitivity label and the extended attributes; executing an action 
associated with the redirected request. 

Following the configuration mode, a method . . . further comprising the steps of: receiving a 
request related to the commercial software product at the trusted server comprising a request 
name, and address indicia; assigning a sensitivity level from the address indicia for the 
request related with the commercial software product; determining from the request a first 
location for a process to be executed for the commercial software product; retrieving the 
appUed attributes for the process of the commercial software product stored at the first 
location; comparing the applied attributes to the assigned sensitivity level for the request; 
executing the process requested where the process retrieved is correlated to the applied 
sensitivity level. 

A trusted server. . . comprises storage means for storing a plurality of data objects with 
extended attributes in at least one data partition; processor means for receiving requests and 
executing processes in response to the user requests 

As such, the cited passages do not disclose or suggest storing database user authorization in a central 

directory, wherein the database user authorization comprises a user role. Nor do the cited passages 

disclose or suggest locally defining the user role at a network node, or granting user privileges on the 

network node based upon the user role. For at least the foregoing reasons, claim 1 and its dependent 

claims, are believed allowable over McNabb. 

Claims 19-38 

Claims 19 and 26-37 stand rejected xmder 35 U.S.C. § 103(a) as being unpatentable over , 
McNabb in view of U.S. Patent Application Publication No. 2002/00828 18A1 (Ferguson). Claim 19 
recites user access information data objects stored in a LDAP directory, the user access information 
data objects comprising authentication and authorization information, wherein the authorization 
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information is associated with a scope of access for a user. McNabb and Ferguson do not disclose 
or suggest such limitations. Applicant agrees with the Examiner that McNabb does not disclose or 
suggest a LDAP directory, even less, a LDAP directory storing authorization information that is 
associated with a scope of access for a user. According to the Office Action, figure 3 and paragraph 
4 of Ferguson discloses using a LDAP directory. However the cited passage of Ferguson actually 
states: 

In FIG. 3, a system 300 is illustrated, which is suitable for automated provisioning, remote 
access and maintenance of network devices. Another system in which models according to 
the present invention can be implemented is described in U.S. patent application Ser. No. 

, entitled "AUTOMATED PROVISIONING FRAMEWORK FOR INTERNET SITE 

SERVERS" to Raymond Suorsa et al. filed on an even date herewith, the disclosure of which 
is incorporated here by reference. A database 302 can be used to implement the data model 
according to exemplary embodiments of the present invention. This database 302 may reside 
on any large scale storage device. For example, suitable storage devices upon which the 
database associated with the data model of the present invention may be stored include 
redundant array of independent disks (RAID) systems, such as those provided by EMC 
Corporation of Hopkinton, Mass., or other similar devices. This database 302 may be 
accessed by the various agents 304A, 304B, 304C, whose level of access may be determined 
by a hierarchy of trust component 306. Additionally, a user interface 308 may be provided 
for the convenience of a user in accessing information contained within the database 302, or 
software contained within the software file system 310. The determination of the level of 
access granted by the user interface 308 is made by the hierarchy of trust component 306. 
Access determination information is stored by the access determination component 312, 
which is accessible by way of database 302. This is accompUshed by using a hierarchical file 
structure in which specific access is determined and operated only to those users to whom it 
should be granted. This is accomplished by user authentication via a lightweight directory 
access protocol (LDAP) server that authenticates users within particular domain names that 
map to specific customer accounts. The hierarchy of trust component 306 interprets the data 
related to it from the database 302, and communicates this data, or the interpretation thereof 
to the various agents 304A, 304B, 304C, and/or the user interface 308. 

As such, the cited passage also does not disclose or suggest a LDAP directory storing user access 

information that is associated with a scope of access for a user, as recited in claim 19. Since 

McNabb and Ferguson both fail to disclose or suggest the above limitations, they cannot be 
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combined to form the subject matter of claim 19. For at least the foregoing reason, claim 19 and its 
dependent claims, are believed allowable over McNabb, Ferguson, and their combination. 
Claims 39-51 

Claim 39 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over McNabb in 
view of U.S. Patent Application Publication No. 2002/0026592A1 (Gavrila). Claim 39 recites 
storing database user authorization in a central directory, wherein the database user authorization 
comprises a user role, locally defining the user role at a network node, and granting user privileges 
on the network node based upon the user role. As discussed previously with reference to claim 1, 
McNabb does not disclose or suggest these limitations. Gavrila also does not disclose or suggest the 
above limitations, and therefore, fail to make up the deficiencies present in McNabb. Since McNabb 
and Gavrila both fail to disclose or suggest the above limitations, they cannot be combined to form 
the resulting subject matter of claim 39. For at least the foregoing reasons, claim 39 and its 
dependent claims are believed allowable over McNabb, Gavrila, and their combination. 
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CONCLUSION 



Based on the foregoing, all remaining claims are believed allowable and a Notice of 
Allowance is respectfully requested. If the Examiner has any questions or comments regarding this 
amendment, the Examiner is respectfully requested to contact the undersigned at the number listed 



The Commissioner is authorized to charge any fees due in connection with the filing of this 
document to Bingham McCutchen's Deposit Accoimt No. 50-2518 , referencing billing number 
7010852003. The Commissioner is authorized to credit any overpayment or to charge any 
underpayment to Bingham McCutchen's Deposit Account No. 50-2518, referencing billing number 
7010852003. 



Bingham McCutchen LLP 
Three Embarcadero Center, Suite 1800 
San Francisco, California 94111-4067 
Telephone: (650) 849-4870 
Facsimile: (650) 849-4800 
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